Method for testing the authenticity of a data carrier

ABSTRACT

A method for testing the authenticity of a data carrier having at least an integrated circuit with memory units and logic units as well as a data line for data exchange with an external device. The invention is characterized in that the integrated circuit additionally has a separate hard-wired circuit for transmitting and/or receiving data during the power-up sequence, which is used for authenticity testing, the first transmission or reception of data being completed within a defined time domain of the power-up sequence in which the data line has no defined state.

BACKGROUND OF THE INVENTION

1. Field of the Invention

This invention relates to a method for testing the authenticity of a data carrier according to the preamble of claim 1. The invention relates further to a data carrier assembly for carrying out the method.

2. Description of Related Art

A method for authenticity testing is known e.g. from EP-A1 0 321 728. In the known method the data carrier is switched by a control signal transmitted by an external device from the normal mode to the checking mode in which authenticity testing takes place. For this purpose the data carrier has an additional switching logic which performs this switch-over in accordance with the external signal. In the checking mode the data carrier is then fed checking data from outside which are processed by an additional electronic circuit, e.g. in the form of an analog computer. The time the analog computer takes to process the checking data constitutes an authenticity feature for the data carrier. In the known method the authenticity testing occurring in the checking mode of the data carrier is decoupled from the normal mode so that the normal mode, which as a rule follows standardized protocols, is not disturbed by the authenticity testing. However, this means that a switch-over by means of the additional switching logic from the normal mode to the checking mode is necessary before each authenticity testing.

SUMMARY OF THE INVENTION

The objective of the invention is to propose a method for testing the authenticity of a data carrier wherein the authenticity testing is compatible with existing standardized protocols and can be done with low circuit complexity.

This problem is solved by the features stated in claim 1.

The basic idea of the invention is that the first transmission or reception of data used for authenticity testing occurs during the power-up sequence for the data carrier in which the data line has as yet no defined state for data exchange with an external device. For example the data line can be in an undefined state for a defined time domain during the power-up sequence according to the standard ISO/IEC 7816-3. Since the first transmission or reception of data is completed within the time domain defined by the standard, the data exchange standardized for communication with chip cards is not disturbed. The test procedure can therefore take place according to the invention with existing protocols conforming to standards.

The data carrier has an additional special circuit which transmits to, or receives from, an external device the data required for authenticity testing within said time domain for which the data line need have no state defined by the protocol.

In a first embodiment e.g. an identification of the data carrier realized in hardware can be transmitted to the external device within said time domain. The external device, e.g. card reading device, likewise has a special circuit permitting reception of the data transmitted by the card within this time domain so that the device can perform authenticity testing. But even if the device has no such special circuit and is thus not in a position to receive the data transmitted by the card within said time, the communication protocol is not disturbed by transmission of the data. Therefore no errors can occur in the protocol run when the card communicates with a conventional device within this time.

According to a development the special circuit located on the integrated circuit of the data carrier can also generate a random number within said time domain which is then logically combined with the data carrier identification by the special switching logic of the data carrier, the result of combination being transmitted from the data carrier to the external device within said time domain, but at the latest in the answer-to-reset signal (ATR). The use of a random number makes a replay attack impossible, i.e. replay of the previously transmitted data.

In a further embodiment the external device, e.g. card reading device, can also have an additional circuit which serves to generate the random number. The random number is then preferably transmitted to the data carrier in synchronism to the clock signal within said time domain because of the higher transfer rate. The special additional circuit of the data carrier is in a position to receive the transmitted random number within said time domain for which the contact element need have no defined state, and to transmit at least part of the received random number back to the external device within this time. As an extension of this, the special switching logic of the data carrier can also logically combine the received random number with the data carrier identification and transmit the result of combination back to the external device within said time domain or at the latest in the ATR signal to acknowledge reception of the random number. The external device can then use the result of combination received from the data carrier to check whether the data carrier is detectably capable of receiving the transmitted random number within said time domain and combining it correctly with the data carrier identification and transmitting it to the external device within a predetermined time. The presence of the result of combination in the ATR signal constitutes a class identification for the data carrier and can be evaluated as such by the external device, whereas the content of the result of combination constitutes an identification specific to the data carrier.

BRIEF DESCRIPTION OF THE DRAWINGS

Further advantages and advantageous developments can be found in the description of the invention with reference to the figures, in which:

FIG. 1 shows a data carrier assembly for authenticity testing,

FIG. 2 shows the standardized signal pattern in the power-up sequence of the data carrier,

FIGS. 3a to 3c show an embodiment of the inventive test procedure wherein the data carrier transmits the data,

FIGS. 4 and 5 each show an embodiment of the inventive method wherein the data are transmitted by an external device and received by the data carrier,

FIG. 6 shows a data carrier assembly consisting of an external device and a data carrier for testing the authenticity of the data carrier,

FIG. 7 shows a safety module which is part of the external device and used for performing authenticity testing,

FIG. 7a shows a data carrier assembly consisting of an external device and a data carrier for testing the authenticity of the data carrier,

FIG. 8a shows a data carrier in which the safety module is housed,

FIG. 8b shows a cross section through the electronic module of the data carrier from FIG. 8a,

FIG. 9 shows a basic wiring diagram of the data carrier,

FIG. 10 shows an embodiment of a special circuit,

FIG. 11 shows a further embodiment of a special circuit of the data carrier,

FIG. 12 shows a part of the special circuit,

FIGS. 13 and 14 show flow charts for testing the authenticity feature of the data carrier.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

FIG. 1 shows a data carrier assembly for testing the authenticity of a data carrier in the form of chip card 1 which communicates via data line 4 with external device 5, e.g. a card reading device. The chip card can be a contacting chip card or a contactless chip card which communicates with the external device without contact.

FIG. 2 shows the signal pattern upon a reset of the data carrier as is standardized e.g. in the international standard ISO/IEC 7816-3. One sees specifically ground potential GND, supply voltage VCC, reset signal RST fed externally for resetting the data carrier, clock signal CLK and data line I/O. When supply voltage is applied and the voltage stabilized and the clock signal applied at time T₀, data line I/O is in the receiving mode for reset signal RST provided by an external device at time T₁. As of time T₀ data line I/O can be in an undefined state for time domain t₂ according to said standard. According to the standard, time domain t₂ must be smaller than or equal to 200 clock cycles divided by clocking rate fᵢ. When this time has elapsed data line I/O must be in a defined state and can therefore not be used for transmitting or receiving data before reset signal RST. Upon receiving reset signal RST at time T₁ the data carrier answers with answer-to-reset signal ATR after time period t₁.

FIG. 3a shows the first transmission process, e.g. the transmission of identification KN of the data carrier, by the latter to an external device within time domain t₂. As soon as clock signal CLK is applied the data carrier automatically transmits the identification, e.g. serial number, directly to the external device, preferably in synchronism to the clock signal. Synchronous transmission permits a higher transmitting rate than asynchronous transmission. The serial number could of course also be transmitted in asynchronism to the clock signal if this can be done within time domain t₂. In any case the data carrier has not only the usual logic and memory units but also a special circuit which permits this fast transmission within the stated time period. With a standard command the external device can then read out the serial number stored in a memory in the data carrier and compare it with the serial number received from the data carrier. If the serial number transmitted by the data carrier by means of the special circuit matches the one read out of the data carrier memory, the data carrier is detectably capable of transmitting the data necessary for authenticity testing very fast within time domain t₂. This property is an authenticity feature which can be fulfilled by no conventional data carrier, i.e. a data carrier without this special circuit.

The method step shown in FIG. 3b is an extension of the method according to FIG. 3a. Identification KN is combined e.g. by exclusive-OR with random number RND generated by the data carrier, the result of combination with generated random number RND being transmitted to the external device. The random number is generated within time domain t₂. The result of combination with random number RND is preferably likewise transmitted within time period t₂. However it is also possible, as shown in FIG. 3c, to transmit the result of combination and the random number in the answer-to-reset signal of the data carrier, e.g. in the historical characters of the ATR signal. The external device can then in a later authentication step, according to the normal protocol run, combine the received random number with identification KN read out of a memory in the data carrier by the same logical operation again and compare the result of combination with the result of combination from the data carrier transmitted in the ATR signal. The use of a random number makes a replay attack impossible, i.e. an attack by replaying the previously recorded data.

FIG. 4 shows a further embodiment of the inventive method. In a first method step the external device transmits random number RND, which can include e.g. 8 bytes, to the data carrier within time period t₂. Transmission preferably takes place in synchronism to the clock signal but can also be asynchronous. Within time period t₂ the data carrier transmits at least last byte R₈' of the received random number back to the external device. The external device then compares last byte R₈ of the random number generated by it with byte R₈' received from the data carrier. If they match, the data carrier was able to receive the transmitted random number correctly and transmit at least part back. The fact that the data carrier can receive data very fast is an authenticity feature. The data carrier can of course also transmit the entire random number received within period t₂ back to the external device, rather than the last byte of the random number. This can also take place for example in the ATR signal.

In addition random number RND received from the external device within time period t₂ can be combined by a logical operation with data carrier identification KN by the special switching logic of the data carrier. As a logical operation one can use e.g. a polynomial modulo division with the identification as the divisor polynomial for the random number. This logical operation is familiar to the expert and will therefore not be described more closely here. Identification KN combined in such a way with the random number of the data carrier can then be transmitted to the external device within time period t₂ or in the ATR signal of the data carrier. Both variants are conceivable here. The external device then obtains the random number received by the data carrier from the result of combination of random number and identification again by executing an inverse function to the logical operation and compares it with the random number generated by the external device. If they match this shows that the data carrier, in particular the special circuit of the data carrier, is detectably capable of receiving and combining the random number very fast and transmitting the result of combination to the external device within t₂ or at the latest in the ATR signal of the data carrier, e.g. in the historical characters.

FIG. 5 shows a further embodiment in which random number RND transmitted by the external device, which can include e.g. several bytes, is received by the data carrier within time period t₂, whereby either the whole random number or at least the last byte of the transmitted random number, depending on the length of the random number, is combined with data carrier identification KN by exclusive-OR, the result of combination being transmitted to the external device jointly with the data carrier identification within time t₂ or in the ATR signal. The external device then performs the same logical operation again starting out from received identification KN and generated random number RND and compares the result of combination obtained by the external device with the result of combination received from the data carrier.
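The exchanges of FIGS. 4 and 5 modelled end to end, as an added Python example that is not code from the patent: the external device sends an 8-byte RND, the card's special circuit echoes the last byte and returns RND combined with KN by exclusive-OR together with KN, and the external device recomputes the same combination and compares. The clock-cycle budget function uses the 200-cycle bound on t₂ stated above for FIG. 2; the one-bit-per-clock synchronous rate and the 372-cycle asynchronous bit time are assumptions, and KN and the RND values used in the tests are constructed samples. The replay check shows why a fresh RND per power-up matters: a response recorded for one RND fails the check run with another.

```python
import secrets

# From the page: t2 may last at most 200 clock cycles (ISO/IEC 7816-3).
T2_MAX_CYCLES = 200
# Assumptions for the budget check: synchronous transfer moves one bit per clock;
# asynchronous transfer at the ISO/IEC 7816-3 default of 372 clock cycles per bit
# (one etu), framing overhead ignored.
SYNC_CYCLES_PER_BIT = 1
ASYNC_CYCLES_PER_BIT = 372


def fits_in_t2(n_bits: int, cycles_per_bit: int) -> bool:
    """True if n_bits can be moved before the t2 window closes."""
    return n_bits * cycles_per_bit <= T2_MAX_CYCLES


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class SpecialCircuit:
    """Hypothetical model of the card's hard-wired special circuit.

    KN is the identification realised in hardware (e.g. serial number)."""

    def __init__(self, kn: bytes):
        self.kn = kn

    def respond(self, rnd: bytes) -> dict:
        """Answer within t2: echo the last byte (FIG. 4) and return RND XOR KN
        jointly with KN (FIG. 5)."""
        if len(rnd) != len(self.kn):
            raise ValueError("this model expects RND and KN of equal length")
        return {
            "echo": rnd[-1:],                       # R8' sent back to the device
            "kn": self.kn,                          # identification sent along
            "combined": xor_bytes(rnd, self.kn),    # result of combination
        }


class ExternalDevice:
    """Hypothetical reader side: generates RND and checks the card's answer."""

    def __init__(self, kn_len: int = 8):
        self.kn_len = kn_len

    def new_rnd(self) -> bytes:
        return secrets.token_bytes(self.kn_len)

    def verify(self, rnd: bytes, response: dict) -> bool:
        if response["echo"] != rnd[-1:]:            # FIG. 4: compare R8 with R8'
            return False
        expected = xor_bytes(rnd, response["kn"])   # FIG. 5: same operation again
        return response["combined"] == expected


def run_check(kn: bytes, rnd: bytes) -> bool:
    """One complete exchange; True when the card passes."""
    card, device = SpecialCircuit(kn), ExternalDevice(len(kn))
    return device.verify(rnd, card.respond(rnd))


def replay_rejected(kn: bytes, old_rnd: bytes, new_rnd: bytes) -> bool:
    """A response recorded for old_rnd does not pass a check run with new_rnd."""
    card, device = SpecialCircuit(kn), ExternalDevice(len(kn))
    recorded = card.respond(old_rnd)
    return not device.verify(new_rnd, recorded)


if __name__ == "__main__":
    KN = bytes.fromhex("0123456789abcdef")          # constructed sample serial number
    device = ExternalDevice(len(KN))
    rnd = device.new_rnd()
    print("64 bits synchronous fit in t2:", fits_in_t2(64, SYNC_CYCLES_PER_BIT))
    print("64 bits asynchronous fit in t2:", fits_in_t2(64, ASYNC_CYCLES_PER_BIT))
    print("card passes:", run_check(KN, rnd))
    print("replay rejected:", replay_rejected(KN, rnd, device.new_rnd()))
```

The budget functions make the page's preference for synchronous transfer concrete: 8 bytes at one bit per clock need 64 of the 200 available cycles, whereas at the asynchronous bit time assumed here even one byte overruns the window.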

The statements on FIGS. 3 to 5 show that for testing the authenticity feature of the data carrier the external device must perform operations going beyond normal communication between the external device and the data carrier. For example the external device transmits to the data carrier a random number which is logically combined with an identification there, as described above, and the result of logical combination is checked in the external device.

It is possible to design the microprocessor unit of the external device right from the start so that it can perform the operations necessary for testing the authenticity feature of the data carrier. In external devices already in service the microprocessor unit is not formed in this way. If they are nevertheless to be used for testing the authenticity feature of the data carrier it is especially advantageous to provide the external device subsequently with a safety module for performing the testing, in addition to its microprocessor unit. Many external devices already in service are provided with at least one additional outlet for at least one additional module so that special adaptation of the external device is unnecessary. These outlets are not readily accessible from outside, so that there is also no safety problem in housing the functions necessary for testing the authenticity feature in a separate safety module.

In an especially advantageous embodiment the safety module can be formed, like the data carrier, as a chip card, which is preferably formed as a plug-in (that is, a chip card with smaller dimensions than a standard chip card) because of the spatial confinement in most external devices.

FIG. 6 shows schematically a data carrier assembly for testing the authenticity of a data carrier in the form of chip card 1 which communicates with external device 5. One sees only the connecting lines between the components which are necessary for understanding the following statements. External device 5 has, among other things, microprocessor unit 9 and safety module 11. For communication between data carrier 1 and external device 5, microprocessor unit 9 is first switched on, then recognizing that a data carrier is located in external device 5. Safety module 11 is then switched on by microprocessor unit 9 and requested to test the authenticity feature of data carrier 1. This can be done for example via control lines ST1 and ST2 to which a defined signal is applied which corresponds to the request, e.g. a logical 1 on control line ST1 and on control line ST2. A random number is then generated in safety module 11, first being stored in safety module 11 after a request by microprocessor unit 9. The request can be issued for example again via control lines ST1 and ST2 to which a defined signal is again applied, e.g. a logical 0 on control line ST1 and a logical 1 on line ST2.

After the random number is stored in safety module 11 data carrier 1 is switched on by microprocessor unit 9, as explained above in connection with FIG. 2. When supply voltage is applied to data carrier 1, the voltage stabilized and the clock signal applied to data carrier 1 at time T₀, data line I/O to data carrier 1 is in the receiving mode for reset signal RST fed to the data carrier by microprocessor unit 9. As of time T₀ data line I/O leading to data carrier 1 can be in an undefined state for time domain t₂, as described above in connection with FIG. 2. Time domain t₂ is used to test the authenticity feature of data carrier 1 with the help of safety module 11.

For this purpose safety module 11 transmits the above-mentioned stored random number to data carrier 1 via I/O after data carrier 1 is switched on and a request is made by microprocessor unit 9. The request to transmit the random number can again be made via control lines ST1 and ST2 to which a defined signal is applied which corresponds to the request (e.g. a logical 1 on control line ST1 and a logical 0 on control line ST2).

In data carrier 1 the transmitted random number is logically combined with identification KN within time domain t₂ and the result of combination transmitted by data carrier 1 along with identification KN back to safety module 11 of external device 5.

In safety module 11 transmitted identification KN is likewise logically combined with the random number just as in data carrier 1 and the result of combination compared with the result transmitted by the data carrier. Matching results prove that data carrier 1 is authentic. A corresponding message is transmitted by safety module 11 to microprocessor unit 9, which then begins with the actual communication between external device 5 and data carrier 1.

Although the authenticity feature testing described in connection with FIG. 6 was virtually like that explained above in connection with FIG. 4, safety module 11 can naturally also be used to perform any differently designed authenticity tests (see e.g. FIG. 3 and FIG. 5). Safety module 11 should then be adapted to the particular authenticity feature of data carrier 1.

FIG. 7 shows a schematic view of how safety module 11 can be constructed for example. Like FIG. 6, FIG. 7 shows only the connecting lines between the individual components which are necessary for understanding. In the embodiment shown, safety module 11 has standard microprocessor unit 13 formed as a separate integrated circuit. Furthermore safety module 11 has further integrated circuit 15 connected with standard microprocessor unit 13. Integrated circuit 15 has a structure as simple as possible so that it can be driven quickly and easily and test the authenticity feature of data carrier 1 (not shown) quickly.

Integrated circuit 15 preferably has a hard-wired logic which can be controlled quickly and easily by microprocessor unit 9 via control lines ST1 and ST2 (cf. also FIG. 6). The following control signals can be specified for example:

control line ST1 logical 0, control line ST2 logical 0 means: authenticity feature should not be tested,

control line ST1 logical 1, control line ST2 logical 1 means: authenticity feature should be tested,

control line ST1 logical 0, control line ST2 logical 1 means: a random number generated in safety module 11 should first be stored in registers of integrated circuit 15 (cf. also FIG. 6),

control line ST1 logical 1, control line ST2 logical 0 means: the above register content, i.e. the random number, should be transmitted to the data carrier (cf. also FIG. 6).

The two control lines ST1 and ST2 thus allow complete control of integrated circuit 15 and thus external control of safety module 11.

In the following the internal communication between integrated circuit 15 and standard microprocessor unit 13 will be discussed. After integrated circuit 15 is requested by microprocessor unit 9 to test the authenticity feature of the data carrier, integrated circuit 15 switches on standard microprocessor unit 13 according to the power-up sequence conforming to ISO (ISO/IEC 7816-3). The power-up sequence is known to the expert and furthermore explained briefly above in connection with FIG. 2 so that it need not be discussed more closely here.

Standard microprocessor unit 13 then generates a random number which is transmitted to integrated circuit 15 and stored in the abovementioned register there. The stored random number is transmitted to data carrier 1 after a request by microprocessor unit 9 (see above), and logically combined there as explained above in connection with FIG. 6. Data carrier 1 then transmits the information necessary for testing the authenticity feature to safety module 11, as likewise explained above in connection with FIG. 6. The transmitted information is stored in temporary registers of integrated circuit 15. Standard microprocessor 13 then requests the stored information from integrated circuit 15 and checks the derived random number (see above).

It was explained in connection with FIG. 7 that safety module 11 has two integrated circuits which perform the stated functions. It is obviously also possible to combine the two integrated circuits in one integrated circuit or to provide an integrated circuit with a microprocessor unit which is driven as usual by certain commands from microprocessor unit 9 and tests the authenticity feature independently. However such drive by microprocessor commands is as a rule more time-consuming than the abovementioned control of integrated circuit 15 via control lines ST1 and ST2.

An embodiment in which safety module 11 has only one integrated circuit is shown in FIG. 7a. The integrated circuit has a microprocessor unit formed so that it can perform the functions necessary for testing the authenticity feature. Communication between microprocessor unit 9, safety module 11, external device 5 and data carrier 1 takes place virtually as described above in connection with FIG. 6, so that only the differences will be discussed in the following.

Integrated circuit 15 is driven by microprocessor unit 9 via I/O₁. The microprocessor commands necessary for testing the authenticity feature are thus transmitted via I/O₁. The corresponding commands were explained above in connection with FIG. 7. In the embodiment shown one can thus dispense with control lines ST1 and ST2 as are shown in FIG. 6.

The data transmitted to data carrier 1 by integrated circuit 15 of safety module 11 also correspond to the data transmitted in FIG. 6. These data can be transmitted from interface I/O₂ of integrated circuit 15, which is always present in commercial integrated circuits for chip cards, to interface I/O₁ of the data carrier. In this case the transmission paths of the commands from microprocessor unit 9 to integrated circuit 15 and of the data from integrated circuit 15 to data carrier 1 are separated from each other. It is obviously also possible to transmit the data from interface I/O₁ of integrated circuit 15 to interface I/O₁ of data carrier 1, as also shown in FIG. 6.

FIG. 8a shows greatly enlarged and not true to scale plug-in card 17 in which safety module 11 is housed as electronic module 19. Mini chip card 17 is plugged in one of the abovementioned outlets in external device 5 so that the authenticity feature of data carrier 1 can now be tested with the help of card 17 (see FIG. 1).

FIG. 8b shows likewise greatly enlarged and not true to scale a cross section through the electronic module along line AA shown in FIG. 8a. The structure of such electronic modules is known in the art (e.g. from EP 0 299 530 B1) so that it will not be explained more closely here. Electronic module 19 contains both standard microprocessor unit 13 and integrated circuit 15 which are both electrically connected with contact surfaces 21. The two integrated circuits are preferably superimposed, as shown in FIG. 8b, but can of course also be side by side. Both circuits can communicate after application of the corresponding voltages and signals via contact surfaces 21 with each other and with microprocessor unit 9. The communication sequence between the components has been described above.

Now that the communication between external device 5 and data carrier 1 and the internal communication within external device 5 have been explained, data carrier 1 itself will now be discussed.

Data carrier 1 schematically shown in FIG. 9 differs from conventional data carriers, e.g. with a microprocessor, in that, in addition to usual microcontroller 3, special circuit 2 is provided for transmitting or receiving data and possibly combining the data with a data carrier identification realized in hardware, e.g. serial number. The data carrier identification can be realized e.g. during the production process of the integrated circuit by firing fuses as a hardware feature for the special circuit of the integrated circuit. The hardware realization of such an identification is described e.g. in the as yet unpublished patent application PCT/EP 93/03668. In addition to the embodiments described in this application the identification can also be provided e.g. by setting the fuses by means of a laser cutter in the wafer fabrication so that the fuses are set irreversibly in a defined logical state.

A further possibility of realizing the identification as hardware is to form certain areas of the silicon of the integrated circuit as amorphous silicon areas and to use these areas as fuses. The amorphous areas are nonconductive, but can be transformed into crystalline conductive silicon areas by sending a sufficiently high current through these areas. The unfired fuse is thus nonconductive and the fired fuse conductive. A particular advantage of forming the fuses for the identification as amorphous silicon areas is that amorphous silicon cannot be distinguished from crystalline silicon optically. The data carrier identification can thus not be spied out using optical methods.

Microcontroller 3 of the data carrier can also directly access special circuit 2 in the shown configuration. For example microcontroller 3 can read out the result of combination calculated by special switching logic 2 when the result calculated by special circuit 2 is to be transmitted to the external device as part of the ATR signal, e.g. in the historical characters. However special circuit 2 can also transmit the result of combination to the external device directly via data line I/O within time domain t₂ without assistance from microcontroller 3, since special circuit 2 is connected directly with GND, VCC, reset, clock and the I/O data line. This hardware configuration of the data carrier permits the fast transmission or reception of data and possibly the combination of the data with a data carrier identification to be performed within said time period t₂. Instead of the I/O line special circuit 2 can also be connected with one of the two RFU lines (reserved for future use) not shown. Installation of this special circuit as an authenticity feature for a data carrier prevents the authenticity testing method from being emulated or simulated by conventional data carriers, e.g. with a microprocessor, by the latter or by an external logic circuit.

FIG. 10 shows the essential parts of data carrier special circuit 2 which is e.g. able to perform a polynomial modulo division of the random number with the data carrier identification as the divisor polynomial. Special circuit 2 includes e.g. 32 XORs, 32 ANDs, a NEG gate and shift register A. Furthermore the integrated circuit of the data carrier bears fuses (not shown) which are set e.g. by means of a laser cutter in a defined logical state during wafer fabrication. These fuses can be used e.g. to realize the identification as a hardware feature, further register B containing the combination of logical states of the set fuses. Random number RND transmitted by the external device is loaded into shift register A and the logic gates used to realize a polynomial modulo division of the bit positions of the random number in register A with register B which is determined by the data carrier identification, e.g. serial number.
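The polynomial modulo division named for FIG. 4 above and realised by the FIG. 10 gates, as an added Python example that is not the patent's own circuit: `poly_mod` is the plain GF(2) long division, and `shift_register_mod` is a bit-serial model of register A with register B (KN) XORed in whenever the bit leaving the register is 1, which is what the 32 ANDs and 32 XORs do. The external device side recomputes the remainder from its own RND and the KN it reads out of the card and compares, i.e. the FIG. 5 style of check, rather than inverting the operation. The 32-bit register width follows the gate count on the page; treating KN as the low coefficients of a divisor whose x^32 term is implicit, the 64-bit RND length and the sample KN and RND values are assumptions.

```python
WIDTH = 32   # register width implied by the FIG. 10 gate count (32 XORs, 32 ANDs)


def poly_mod(dividend: int, divisor: int) -> int:
    """Remainder of dividend modulo divisor over GF(2): subtraction is XOR, no carries.

    Integers are coefficient vectors, bit i = coefficient of x^i."""
    if divisor == 0:
        raise ValueError("divisor polynomial must not be zero")
    deg = divisor.bit_length() - 1
    rem = dividend
    while rem and rem.bit_length() - 1 >= deg:
        rem ^= divisor << (rem.bit_length() - 1 - deg)   # clears the leading term
    return rem


def divisor_from_kn(kn: int, width: int = WIDTH) -> int:
    """Assumption: KN supplies the low coefficients and the x^width term is implicit,
    so the divisor always has full degree and is never zero."""
    if kn >> width:
        raise ValueError("KN does not fit the register width")
    return (1 << width) | kn


def int_to_bits(value: int, n_bits: int) -> list:
    """Most significant bit first, the order in which RND is clocked into register A."""
    return [(value >> i) & 1 for i in range(n_bits - 1, -1, -1)]


def shift_register_mod(rnd_bits: list, kn: int, width: int = WIDTH) -> int:
    """Bit-serial model of the FIG. 10 gates: one RND bit enters register A per clock;
    whenever the bit that falls out of A is 1, register B (KN) is XORed into A
    (the ANDs gate the XORs with that bit). A ends up holding RND mod (x^width + KN)."""
    mask = (1 << width) - 1
    a = 0
    for bit in rnd_bits:
        out = (a >> (width - 1)) & 1       # coefficient that leaves the register
        a = ((a << 1) | bit) & mask
        if out:
            a ^= kn
    return a


def card_combine(rnd: int, kn: int, rnd_bits: int = 64, width: int = WIDTH) -> int:
    """What the data carrier's special circuit transmits back."""
    return shift_register_mod(int_to_bits(rnd, rnd_bits), kn, width)


def device_verify(rnd: int, kn: int, received: int, width: int = WIDTH) -> bool:
    """External device: recompute the remainder from its own RND and the KN read out
    of the card, then compare with the result the card transmitted."""
    return poly_mod(rnd, divisor_from_kn(kn, width)) == received


if __name__ == "__main__":
    KN = 0x9ABCDEF1                  # constructed sample identification (32 fuse states)
    RND = 0x0123456789ABCDEF         # constructed sample 8-byte random number
    result = card_combine(RND, KN)
    print(f"card result: {result:08x}")
    print("device accepts:", device_verify(RND, KN, result))
    print("device rejects a flipped bit:", not device_verify(RND, KN, result ^ 1))
```

The two implementations agree because each clock step of the register computes (r·x + b) mod P for the divisor P = x^32 + KN, which is exactly one step of the long division; a practitioner porting the check to a reader can therefore validate the bit-serial hardware model against the arithmetic one.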

FIG. 11 shows a further embodiment of special additional circuit 2 of a data carrier. In this embodiment random number RND transmitted by the external device is transmitted to first shift register SR1, data carrier identification KN being contained in register B. The data carrier identification can consist e.g. of two parts, the second part being a negation of the bit sequences of the first part. In synchronism to the clock, random number RND is then combined by exclusive-OR with the identification, e.g. serial number. When combination is completed, which is ascertained by means of suitable counters, the result of combination as well as the identification are passed on to the second shift register in synchronism to the clock and transmitted back to the external device. This preferably takes place within time domain t₂.

The above statements show that the identification contained in special circuit 2 of data carrier 1 is essential for authenticity testing of the data carrier. If it is a data carrier-specific identification for example, another specificity can be simulated by changing the identification. For this reason it is especially important that the identification of data carrier 1 cannot be readily falsified.

If the data carrier identification is realized for example as a hardware identification by firing fuses (see also statements on FIG. 9), the identification can be protected from falsification by using a circuit shown in FIG. 12 which is part of special circuit 2 (see FIG. 9). FIG. 12 indicates 32 fuses which are either fired, like fuses 1 and 2, or unfired, like fuse 32. A fired fuse has a logical 1 associated therewith and an unfired fuse a logical 0. Fuses 1 to 32 represent the data carrier identification. Each individual fuse 1 to 32 has associated therewith a complementary fuse which is in the complementary state to the associated fuse (i.e. the complementary fuse of a fired fuse is unfired and vice versa). Complementary fuse 1 associated with fuse 1 is accordingly unfired since fuse 1 shown is fired. The same holds for complementary fuse 2 associated with fuse 2. In contrast, complementary fuse 32 is fired in the example according to FIG. 12 since fuse 32 shown is unfired.

Exclusive-OR gates 23 shown in FIG. 12 now check whether the complementary fuse associated with a fuse is really in the complementary state. Gate 23 indicates a logical 1 at its output 25 only if gate inputs 27 and 29 are set in complementary fashion, inputs 27 and 29 corresponding to the logical states of a fuse and the complementary fuse associated.

Finally AND gate 31 checks whether a logical 1 is available at all outputs of exclusive-OR gates 23 which are routed as inputs to AND gate 31. In this case the output of AND gate 31 indicates a logical 1, otherwise a logical 0. Exactly when AND gate 31 indicates a logical 1 it is thus ensured that the complementary fuse associated with each fuse is in its proper state. Special circuit 2 of the data carrier is designed so that the identification can be used for testing the authenticity of the data carrier only if it is genuine, i.e. if a logical 1 is available at the output of AND gate 31.

If the identification of data carrier 1 is to be falsified with intent to defraud, at least some of fuses 1 to 32, which define the identification, must be put in another state. With the circuit shown in FIG. 12, fuse 32 could e.g. be fired to falsify the identification, so that it would show the state logical 1. In this case, however, the firing of complementary fuse 32 would have to be undone, so that it shows the state logical 0 and the exclusive-OR gate 23 associated with fuse 32 and complementary fuse 32 again indicates a logical 1 at output 25. If the firing of complementary fuse 32 cannot be undone, this exclusive-OR gate 23 indicates a logical 0 at output 25, and AND gate 31 likewise indicates a logical 0 at its output, thus revealing the manipulation of the identification.

It is possible to form fuses in such a way that firing cannot be undone with justifiable effort, so that the identification of special circuit 2, and thus of data carrier 1, is protected very well from falsification done with intent to defraud. Because firing is one-way, any change to a single fuse or complementary fuse leaves that pair with both elements fired, which the associated exclusive-OR gate 23 detects; a consistent falsification would always require returning a fired fuse to the unfired state.
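The FIG. 12 check expressed as a software model, added here as an example; it is not part of the patent, whose circuit is hardware. Fuses are modelled as bits that can only go from 0 to 1, so the only move available to a forger is to fire something, after which the pair-wise exclusive-OR sees two fired elements. The bit ordering (fuse 1 as most significant bit), the 32-bit identification value and the function names are assumptions of this model.

```python
# Software model of the FIG. 12 circuit. Fuse state: 1 = fired, 0 = unfired.
N_FUSES = 32

def program_identification(ident: int):
    """Production: fire fuse i where bit i of the identification is 1, otherwise fire
    its complementary fuse (fuse 1 = most significant bit; an assumed ordering)."""
    if not 0 <= ident < 1 << N_FUSES:
        raise ValueError("identification must fit in 32 fuses")
    fuses = [(ident >> (N_FUSES - 1 - i)) & 1 for i in range(N_FUSES)]
    complements = [1 - f for f in fuses]
    return fuses, complements

def fire(bank: list, index: int) -> None:
    """The only write a fuse supports: unfired -> fired. There is no inverse, which is
    the property the complementary-fuse check relies on."""
    bank[index] = 1

def check_identification(fuses, complements):
    """Exclusive-OR gates 23 (one per fuse/complementary-fuse pair) feeding AND gate 31.
    Returns (valid, identification); the identification is released only when every
    pair is complementary, i.e. when AND gate 31 outputs a logical 1."""
    if len(fuses) != N_FUSES or len(complements) != N_FUSES:
        raise ValueError("expected 32 fuses and 32 complementary fuses")
    outputs_25 = [f ^ cf for f, cf in zip(fuses, complements)]   # gates 23
    if not all(outputs_25):                                        # gate 31
        return False, None
    return True, int("".join(map(str, fuses)), 2)

def demo():
    """FIG. 12 as drawn (fuses 1 and 2 fired, fuse 32 unfired, i.e. 0xC0000000), then the
    attack from the text: fuse 32 is fired but complementary fuse 32 cannot be unfired."""
    fuses, complements = program_identification(0xC0000000)
    before = check_identification(fuses, complements)
    fire(fuses, 31)                      # forger fires fuse 32 (index 31)
    after = check_identification(fuses, complements)
    return before, after
```

The check is only as strong as two things it does not itself provide: the irreversibility of the fuses, and the integrity of AND gate 31, whose single output is what releases the identification. A forger who can drive that output directly, rather than alter the fuses, is outside what FIG. 12 addresses.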

The above statements relate mainly to the testing of the authenticity feature of data carrier 1 by external device 5. The authenticity feature is formed as a separate hard-wired circuit on the integrated circuit of the data carrier. If the authenticity feature can be checked positively by external device 5, this proves that data carrier 1 is an authentic intrasystem data carrier. For most applications of data carriers it is furthermore important to ascertain whether certain data contained in the integrated circuit of the data carrier have been falsified. Such a check of data contained in the integrated circuit of data carrier 1 can also be done in especially advantageous fashion with the authenticity feature contained in special circuit 2, as explained by way of example in FIG. 13.

The left column of FIG. 13 relates to external device 5 and shows field 33 containing the variables stored in external device 5 for carrying out the arithmetic operations described below, in particular master key K_(M). Furthermore the left column of FIG. 13 contains all arithmetic operations performed in the external device.

The middle column of FIG. 13 relates to special circuit 2 of data carrier 1 (see also FIG. 6), and field 35 contains the variables stored in special circuit 2 for carrying out the arithmetic operations explained below. These are in particular data B and C, information B being for example a group number and information C for example a card number or other identification of the data carrier. Furthermore the middle column of FIG. 13 contains those arithmetic operations performed by special circuit 2.

The right column of FIG. 13 relates to microcontroller 3 of data carrier 1 (see also FIG. 6) and contains in field 37 those variables stored in microcontroller 3 for carrying out the arithmetic operations in microcontroller 3 as explained below. This is in particular key K_(ICC) associated with the data carrier, which is a function of master key K_(M) and data B and C. Key K_(ICC) can already be stored in microcontroller 3 during production of data carrier 1.

Upon communication between external device 5 and data carrier 1 the authenticity feature of data carrier 1 is first checked, as explained several times above. For this purpose random number R₁ generated in external device 5 is first transmitted by external device 5 to special circuit 2 (see step 1, the steps being shown on the far left in FIG. 13). In the special circuit random number R₁ is combined logically with data B and C to form result A (see step 2). Data A, B and C are transmitted in step 3 from special circuit 2 to external device 5. Then the transmitted data B and C are logically combined in external device 5 with random number R₁ stored there to form result A' (see step 4). In step 5 information A' is compared with information A transmitted by special circuit 2. If the two match it is ensured that data carrier 1 is an authentic intrasystem data carrier, since the authenticity feature was checked positively by the external device.

In step 6 information A calculated in special circuit 2 is transmitted to microcontroller 3 of data carrier 1 (see also FIG. 6). In microcontroller 3 function g is applied to information A using key K_(ICC), and the result is key K_(S), valid for this specific communication (see step 7); the generated random number R₁ enters key K_(S) via information A, so that key K_(S) actually varies from communication to communication.

External device 5 then transmits random number R₂ generated there to microcontroller 3 of data carrier 1 (see step 8). In microcontroller 3 the function g is applied to random number R₂ using key K_(S), so that result x arises (see step 9). Result x is transmitted by microcontroller 3 to external device 5 (see step 10).

In the external device, data carrier key K_(ICC) is calculated from data B and C transmitted in step 3 with the help of master key K_(M) stored in device 5 (see step 11). The calculated data carrier key K_(ICC) can now be used to calculate current key K_(S) from information A, which was likewise transmitted to the external device in step 3 (see step 12). Finally information x' can be calculated from generated random number R₂ using key K_(S) (see step 13), and this information is then compared there with information x transmitted by microcontroller 3 (see step 14).

If data x' and x match, it is considered proven for external device 5 that special circuit 2 of data carrier 1 can communicate with microcontroller 3 of data carrier 1, since microcontroller 3 of data carrier 1 can calculate information x correctly only if the correct information A was previously transmitted to microcontroller 3 by special circuit 2 in step 6. It is thus impossible to provide an inauthentic, extrasystem data carrier subsequently with a special circuit that is not connected to the microcontroller of the data carrier.

Furthermore it is considered proven for external device 5 that special circuit 2 and microcontroller 3 of data carrier 1 belong together, since only if special circuit 2 and microcontroller 3 belong together does microcontroller 3 contain the same data B and C as special circuit 2, and the corresponding data carrier key K_(ICC). Only in this case can the same information x be calculated in microcontroller 3 as in external device 5.

Because of this proof by external device 5 that special circuit 2 and microcontroller 3 belong together, it is thus impossible to provide a data carrier which is basically inauthentic and extrasystem with a special circuit 2 subsequently, with intent to defraud, and thus simulate the authenticity and system affiliation of data carrier 1.

Furthermore it is impossible to falsify data B and C in microcontroller 3 of an authentic intrasystem data carrier with intent to defraud. On one hand, data carrier key K_(ICC) would also have to be adapted accordingly, since key K_(ICC) can be calculated at any time in external device 5 from data B and C stored in microcontroller 3 and compared with stored key K_(ICC). Such adaptation is impossible, however, since a defrauder does not have master key K_(M). On the other hand, data B and C in special circuit 2 would also have to be changed accordingly, since otherwise different information x would be calculated in external device 5 and microcontroller 3. But data B and C of special circuit 2 can be protected well from falsification, as described e.g. in connection with FIG. 12.

Data B and C can be e.g. a group number and an individual chip number, or else personal data of the card owner, such as name and account number, etc. The test routines explained above can obviously also be performed if one uses e.g. only data B, or data other than data B and C.
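The FIG. 13 exchange with both sides' computations, as an added example that is not part of the patent. The patent specifies neither function g, nor the logical combination of R₁ with B and C, nor how K_(ICC) is derived from K_(M), B and C; this model assumes HMAC-SHA256 for g and for the key derivation, and an exclusive-OR of R₁ with a hash of B and C for the combination (claim 6 names an exclusive-OR or a polynomial modulo division). The data values, key material, class and method names are constructed for the example.

```python
import hashlib
import hmac
import os

def g(key: bytes, data: bytes) -> bytes:
    """Function g of FIG. 13 (assumed: HMAC-SHA256; the patent does not specify it)."""
    return hmac.new(key, data, hashlib.sha256).digest()

def combine(r1: bytes, b: bytes, c: bytes) -> bytes:
    """Steps 2 and 4: A = R1 combined with B and C (assumed: XOR with H(B||C))."""
    return bytes(x ^ y for x, y in zip(r1, hashlib.sha256(b + c).digest()))

def derive_k_icc(k_m: bytes, b: bytes, c: bytes) -> bytes:
    """K_ICC as a function of K_M, B and C (assumed: HMAC); done at production and in step 11."""
    return g(k_m, b + c)

class SpecialCircuit:
    """Special circuit 2, field 35: B and C hard-wired (cf. FIG. 12)."""
    def __init__(self, b: bytes, c: bytes):
        self.b, self.c = b, c
    def step_2(self, r1: bytes) -> bytes:
        return combine(r1, self.b, self.c)

class Microcontroller:
    """Microcontroller 3, field 37: K_ICC personalised at production."""
    def __init__(self, k_icc: bytes):
        self.k_icc, self.k_s = k_icc, None
    def step_7(self, a: bytes) -> None:
        self.k_s = g(self.k_icc, a)       # K_S varies per session because R1 enters via A
    def step_9(self, r2: bytes):
        return None if self.k_s is None else g(self.k_s, r2)

class ExternalDevice:
    """External device 5, field 33: master key K_M."""
    def __init__(self, k_m: bytes, rng=os.urandom):
        self.k_m, self.rng = k_m, rng
    def authenticate(self, sc: SpecialCircuit, mc: Microcontroller, link_ok=True):
        """Runs steps 1-14; returns (feature_ok, binding_ok) for steps 5 and 14."""
        r1 = self.rng(16)                                        # step 1
        a, b, c = sc.step_2(r1), sc.b, sc.c                      # steps 2-3
        if not hmac.compare_digest(a, combine(r1, b, c)):        # steps 4-5
            return False, False
        if link_ok:                                              # step 6 needs a wired
            mc.step_7(a)                                         #   special circuit
        r2 = self.rng(16)                                        # step 8
        x = mc.step_9(r2)                                        # steps 9-10
        if x is None:
            return True, False
        k_icc = derive_k_icc(self.k_m, b, c)                     # step 11
        k_s = g(k_icc, a)                                        # step 12
        x_prime = g(k_s, r2)                                     # step 13
        return True, hmac.compare_digest(x, x_prime)             # step 14

def demo():
    k_m = b"K_M master key (constructed demo value)"
    b, c = b"group-0001", b"card-000042"                         # constructed B and C
    ext, sc = ExternalDevice(k_m), SpecialCircuit(b, c)
    genuine = Microcontroller(derive_k_icc(k_m, b, c))
    # Defrauder's assembly: a special circuit added to a microcontroller whose K_ICC
    # was derived without the real K_M, or one that is not wired to the circuit at all.
    foreign = Microcontroller(derive_k_icc(b"guessed master key", b, c))
    return {
        "genuine": ext.authenticate(sc, genuine),
        "foreign_microcontroller": ext.authenticate(sc, foreign),
        "special_circuit_not_wired": ext.authenticate(
            sc, Microcontroller(derive_k_icc(k_m, b, c)), link_ok=False),
    }
```

As modelled here, step 5 succeeds for any B and C the special circuit sends, because the external device recomputes A' from the transmitted values: what makes steps 1 to 5 an authenticity check in the patent is that A must be produced by the hard-wired circuit within the time domain in which the data line has no protocol-defined state, and a software model cannot reproduce that property. Steps 6 to 14 are the part that binds the two circuits, and that part the model does show: a microcontroller without the K_(ICC) matching B and C, or one that never received A, yields x ≠ x'.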

FIG. 14 shows how to prove that special circuit 2 and microcontroller 3 of data carrier 1 belong together using an asymmetric encryption algorithm. FIG. 14 is constructed schematically just like FIG. 13, i.e. fields 33, 35 and 37 state the information stored in the corresponding components. Furthermore the testing of the authenticity feature of data carrier 1 is performed by external device 5 just as explained above in connection with steps 1 to 5 of FIG. 13. This will accordingly not be discussed again here.

After the authenticity feature of data carrier 1 is tested, special circuit 2 transmits information A to microcontroller 3 of data carrier 1 in step 6 (cf. also FIG. 6), and in step 7 external device 5 transmits random number R₂ generated there to microcontroller 3. In step 8 certificate ZER2 is formed in microcontroller 3 from random number R₂ and data A, B and C using secret key SK_(ICC) of data carrier 1. Certificate ZER2 is transmitted along with certificate ZER1 stored in microcontroller 3 to external device 5 (see step 9). Identity ID, data B and C and public key PK_(ICC) of the data carrier are calculated from certificate ZER1 using public key PK_(Z) of institute Z (see step 10). Then random number R₂' and information A', B' and C' are calculated from certificate ZER2 using the public key PK_(ICC) of the data carrier just obtained (see step 11). Finally, in step 12 random number R₂' just obtained is compared with random number R₂ generated in the external device, and data A', B' and C' just obtained with data A, B and C transmitted in step 3 (see also FIG. 13).

If the comparison is positive, it is considered proven that special circuit 2 is in a position to communicate with microcontroller 3 (see step 6), and it is also considered proven that special circuit 2 and microcontroller 3 belong together. Otherwise the data compared in step 12 would not match, since different data B and C would then be stored in special circuit 2 and microcontroller 3 of data carrier 1.

It is further considered proven that data B and C stored in the microcontroller have not been falsified, since this information would otherwise no longer match data B and C stored in certificate ZER1. These data are tested for agreement in step 12, so that a forgery would be noticed. Furthermore these data would also no longer match data B and C stored in special circuit 2, which is likewise tested in step 12. Even if an asymmetric encryption method is used, data B and C are thus protected very well from falsification.
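The FIG. 14 variant as an added example, again not part of the patent. Because the patent does not name the asymmetric algorithm, a toy RSA signature (SHA-256 digest, no padding, 512-bit moduli generated in the block itself) is assumed as a stand-in; a real deployment would use a standard signature scheme. The patent describes recovering R₂', A', B', C' from ZER2 and ID, B, C, PK_(ICC) from ZER1, i.e. signatures with message recovery; this model uses signatures with appendix, so the external device instead verifies ZER2 against its own R₂, A, B, C and ZER1 against the fields it carries, which is the same check. Steps 1 to 5 are compressed into one assumed combination, as the text says they are unchanged from FIG. 13. Key names, data values and function names are constructed.

```python
import hashlib
import random
from math import gcd

# Toy RSA without padding: an ASSUMED stand-in for the asymmetric algorithm the
# patent leaves unspecified. 512-bit moduli keep the demo fast; not for real use.
def _probable_prime(n, rng, rounds=32):          # Miller-Rabin with random bases
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2 or any(n % p == 0 for p in small):
        return n in small
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _probable_prime(cand, rng):
            return cand

def keypair(rng, bits=512):
    """(PK, SK) = ((e, n), (d, n)) with e fixed at 65537."""
    while True:
        p, q = _prime(bits // 2, rng), _prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(65537, phi) == 1:
            return (65537, p * q), (pow(65537, -1, phi), p * q)

def _digest(*parts):
    """Length-prefixed SHA-256 of the parts, so (R2, A, B, C) cannot be re-split."""
    m = hashlib.sha256()
    for part in parts:
        m.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(m.digest(), "big")

def sign(sk, *parts):
    return pow(_digest(*parts), sk[0], sk[1])

def verify(pk, sig, *parts):
    return pow(sig, pk[0], pk[1]) == _digest(*parts)

def combine(r1, b, c):
    """Steps 1-5 compressed: A = R1 combined with B, C (assumed XOR with H(B||C))."""
    return bytes(x ^ y for x, y in zip(r1, hashlib.sha256(b + c).digest()))

def issue_zer1(sk_z, card_id, b, c, pk_icc):
    """Institute Z certifies (ID, B, C, PK_ICC); only n is signed since e is fixed."""
    sig = sign(sk_z, card_id, b, c, pk_icc[1].to_bytes(64, "big"))
    return {"id": card_id, "b": b, "c": c, "pk": pk_icc, "sig": sig}

class Microcontroller:
    """Microcontroller 3, field 37: ZER1, SK_ICC and its own copy of B and C."""
    def __init__(self, zer1, sk_icc, b, c):
        self.zer1, self.sk, self.b, self.c, self.a = zer1, sk_icc, b, c, None
    def step_6(self, a):                          # A arrives from special circuit 2
        self.a = a
    def steps_8_9(self, r2):                      # ZER2 over (R2, A, B, C), plus ZER1
        if self.a is None:                        # never wired to a special circuit
            return None
        return sign(self.sk, r2, self.a, self.b, self.c), self.zer1

def external_device(pk_z, rng, sc_b, sc_c, mc, link_ok=True):
    """External device 5 (field 33: PK_Z) running steps 1-12 of FIG. 14 against a
    special circuit reduced to its hard-wired B, C and the given microcontroller."""
    rand = lambda: rng.getrandbits(128).to_bytes(16, "big")
    a = combine(rand(), sc_b, sc_c)               # steps 1-5; A as received in step 3
    if link_ok:
        mc.step_6(a)
    r2 = rand()                                   # step 7
    resp = mc.steps_8_9(r2)
    if resp is None:
        return False
    zer2, zer1 = resp                             # step 9
    # step 10: ZER1 under PK_Z yields ID, B, C and PK_ICC of the data carrier
    pk_icc = zer1["pk"]
    if not verify(pk_z, zer1["sig"], zer1["id"], zer1["b"], zer1["c"],
                  pk_icc[1].to_bytes(64, "big")):
        return False
    # steps 11-12: ZER2 under PK_ICC must bind R2, A (step 6) and B, C (step 3);
    # ZER1's B, C must equal the special circuit's B, C as well
    return (verify(pk_icc, zer2, r2, a, sc_b, sc_c)
            and zer1["b"] == sc_b and zer1["c"] == sc_c)

def demo(seed=7):
    rng = random.Random(seed)
    pk_z, sk_z = keypair(rng)
    pk_icc, sk_icc = keypair(rng)
    b, c = b"group-0001", b"card-000042"          # constructed demo data
    zer1 = issue_zer1(sk_z, b"ID-42", b, c, pk_icc)
    pk_x, sk_x = keypair(rng)                     # foreign card with its own key pair
    fake_zer1 = issue_zer1(sk_x, b"ID-42", b, c, pk_x)   # self-signed, not by Z
    run = lambda mc, **kw: external_device(pk_z, rng, b, c, mc, **kw)
    return {
        "genuine": run(Microcontroller(zer1, sk_icc, b, c)),
        "b_falsified_in_mc": run(Microcontroller(zer1, sk_icc, b"group-0002", c)),
        "not_wired": run(Microcontroller(zer1, sk_icc, b, c), link_ok=False),
        "foreign_card": run(Microcontroller(fake_zer1, sk_x, b, c)),
    }
```

The four cases in demo() correspond to the statements of the text: the genuine assembly passes; a microcontroller whose stored B was changed signs ZER2 over data that no longer match the special circuit's B (and ZER1's), so step 12 fails; a microcontroller never wired to a special circuit has no A to sign; and a foreign card carrying a ZER1 not issued under SK_(Z) fails at step 10 before its own key is ever trusted. Length-prefixing the signed fields is the one detail worth keeping even in a toy: without it, (R₂, A, B, C) and a differently split byte string would hash identically.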

The operations mentioned in connection with FIGS. 13 and 14 and performed in external device 5 can preferably be performed by safety module 11, as described in connection with FIGS. 6 to 8.

We claim:
1. A method for testing the authenticity of a data carrier having at least an integrated circuit with memory units and logic units and exchanging data with an external device via a data line, the data carrier receiving the operating and control signals necessary for operation from the external device, characterized by the steps of: transmitting and/or receiving data during a power-up sequence defined according to a protocol, via a separate, hard-wired circuit, and using the transmission and/or reception of data to test the authenticity of the data carrier, wherein the first transmission or reception of data used for authenticity testing is completed within a defined time domain of the power-up sequence in which the data line has no state defined by the protocol.
2. The method of claim 1, characterized in that the power-up sequence takes place according to the standardized protocol ISO/IEC 7816-3, the first transmission or reception of data being completed within time domain t₂ defined by the protocol.
3. The method of claim 2, characterized in that the data are transmitted by the external device and received by the data carrier within time domain t₂, and the received data are likewise transmitted back to the external device by the data carrier within t₂ and/or in the answer-to-reset signal of the data carrier defined by the protocol.
4. The method of claim 3, characterized in that the data received from the external device are combined by the data carrier with an identification of the data carrier, and the result of the combination is transmitted back to the external device within time domain t₂ or in the answer-to-reset signal.
5. The method of claim 4, characterized in that the result of the combination with the identification of the data carrier is transmitted by the latter to the external device for authenticity testing.
6. The method of claim 4, characterized in that the data transmitted by the external device constitute a random number generated by the latter, which is combined by the data carrier with the identification of the data carrier by an exclusive-OR operation, or a polynomial modulo division of the random number with the identification as the divisor polynomial is performed by the data carrier.
7. The method of claim 3, characterized in that the data received from the external device are combined with a data carrier identification by the special circuit of the data carrier, the result of combination (A) is transmitted back to the external device within time domain t₂ or in the answer-to-reset signal, and the result of combination (A) is transmitted additionally to the logic units of the integrated circuit of the data carrier.
8. The method of claim 7, characterized in that the result of logical combination (A) transmitted to the logic unit is transmitted by the logic unit to the external device and tested in the external device for a predetermined relation with the result (A) transmitted by the special circuit to the external device.
9. The method of claim 7, characterized in that the result of logical combination (A) is logically combined with further data in the logic unit of the data carrier to form a result (x), and the result of logical combination (x) is transmitted to the external device, and the result (A) obtained from the special circuit is logically combined with further data in the external device to form a result (x'), and the results (x) and (x') are tested in the external device for a predetermined relation, it being considered proven that the result (A) was transmitted by the special circuit to the logic units of the data carrier correctly and logically combined there correctly if the predetermined relation can be checked positively.
10. The method of claim 9, characterized in that the external device transmits data to the logic unit of the data carrier which are logically combined with the result (A) there to form the result (x), and the same logical combination is performed in the external device as in the logic unit of the data carrier, which leads to the result (x'), and the results (x) and (x') are tested for a match in the external device.
11. The method of claim 8, characterized in that the result (A) is logically combined in the logic unit of the data carrier with data stored in the memory units of the data carrier to form the result (x), and the special circuit of the data carrier transmits data to the external device, and the result (A) is combined in the external device with the data transmitted additionally by the special circuit to form the result (x'), and the result (x) transmitted by the logic unit is checked in the external device for a predetermined relation with the result (x') calculated there, it being considered proven that the data stored in the data carrier memory units fulfill a predetermined relation to the data stored in the special circuit if the predetermined relation can be checked positively.
12. The method of claim 2, characterized in that the data carrier transmits to the external device within the time domain t₂ an identification of the data carrier which is then evaluated by the external device for testing the authenticity of the data carrier.
13. The method of claim 12, characterized in that the data carrier identification is combined by the data carrier with a random number generated by the data carrier before being transmitted to the external device, and the result of this combination is transmitted to the external device for testing the authenticity of the data carrier.
14. The method of claim 1, characterized in that the data used for authenticity testing are transmitted in synchronism with a clock signal transmitted by the external device to the data carrier.
15. The method of claim 14, characterized in that the data transmission upon authenticity testing takes place in synchronism with a multiple of the external clocking rate.
16. A data carrier assembly including a data carrier having at least an integrated circuit with memory units and logic units and exchanging data with an external device via a data line, the data carrier receiving the operating and control signals necessary for operation of the data carrier from the external device, and the external device having access for reading and/or writing at least to partial areas of the memory units of the data carrier, characterized in that the integrated circuit additionally has a separate hard-wired circuit for transmitting and/or receiving data during a power-up sequence defined according to a protocol, which is used for authenticity testing, the separate circuit performing the first transmission or reception of data used for authenticity testing independently of the logic units and memory units of the data carrier within a defined time domain of the power-up sequence in which the data line has no state defined by the protocol.
17. The data carrier assembly of claim 16, characterized in that the separate circuit has an identification for the data carrier realized in hardware.
18. The data carrier assembly of claim 17, characterized in that the identification for the data carrier is realized by fuses, at least some of the fuses being fired and each individual fuse of the identification having associated therewith a complementary fuse which is in the complementary state to the fuse associated therewith.
19. The data carrier assembly of claim 18, characterized in that the special separate circuit has a circuit for testing whether the complementary fuse associated with each fuse is in the proper state, and the data carrier identification is only readable if all fuses and the complementary fuses associated therewith are in the proper state.
20. The data carrier assembly of claim 17, characterized in that the separate circuit of the data carrier transmits the data carrier identification to the external device within the time domain t₂ defined by the protocol ISO/IEC 7816-3.
21. The data carrier assembly of claim 17, characterized in that the separate circuit of the data carrier generates a random number and combines it with the data carrier identification.
22. The data carrier assembly of claim 17, characterized in that the separate circuit of the data carrier combines a random number received from the external device with the data carrier identification.
23. The data carrier assembly of claim 16, characterized in that the external device has a microprocessor unit and a safety module, the safety module being drivable by the microprocessor unit, and the method of claims 1 to 15 for testing the authenticity of the data carrier is to be carried out with the safety module.
24. The data carrier assembly of claim 23, characterized in that the safety module is connected directly with the special circuit of the data carrier, and data are interchangeable between the safety module and the special circuit directly and bidirectionally.
25. The data carrier assembly of claim 22, characterized in that the safety module is connected directly with the logic units of the data carrier, and data are interchangeable between the safety module and the logic units directly and bidirectionally.
26. The data carrier assembly of claim 22, characterized in that the safety module is a chip card to be plugged into a slot in the external device.